use hdnode_private_ckd_cached where appropriate

firmware/crypto.c

@@ -161,9 +161,6 @@ int cryptoMessageVerify(const uint8_t *message, size_t message_len, const uint8_
 	return 0;
 }
 
-// internal from ecdsa.c
-int generate_k_random(bignum256 *k);
-
 int cryptoMessageEncrypt(curve_point *pubkey, const uint8_t *msg, size_t msg_size, bool display_only, uint8_t *nonce, size_t *nonce_len, uint8_t *payload, size_t *payload_len, uint8_t *hmac, size_t *hmac_len, const uint8_t *privkey, const uint8_t *address_raw)
 {
 	if (privkey && address_raw) { // signing == true

firmware/fsm.c

@@ -100,19 +100,10 @@ const HDNode *fsm_getDerivedNode(uint32_t *address_n, size_t address_n_count)
 	if (!address_n || address_n_count == 0) {
 		return &node;
 	}
-	size_t i;
-	if (address_n_count > 3) {
-		layoutProgressSwipe("Preparing keys", 0);
-	}
-	for (i = 0; i < address_n_count; i++) {
-		if (hdnode_private_ckd(&node, address_n[i]) == 0) {
-			fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
-			layoutHome();
-			return 0;
-		}
-		if (address_n_count > 3) {
-			layoutProgress("Preparing keys", 1000 * i / address_n_count);
-		}
+	if (hdnode_private_ckd_cached(&node, address_n, address_n_count) == 0) {
+		fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
+		layoutHome();
+		return 0;
 	}
 	return &node;
 }

firmware/signing.c

@@ -318,13 +318,10 @@ void signing_txack(TransactionType *tx)
 			}
 			if (idx3i == idx1i) {
 				memcpy(&node, root, sizeof(HDNode));
-				uint32_t k;
-				for (k = 0; k < tx->inputs[0].address_n_count; k++) {
-					if (hdnode_private_ckd(&node, tx->inputs[0].address_n[k]) == 0) {
-						fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
-						signing_abort();
-						return;
-					}
+				if (hdnode_private_ckd_cached(&node, tx->inputs[0].address_n, tx->inputs[0].address_n_count) == 0) {
+					fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
+					signing_abort();
+					return;
 				}
 				if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) {
 					if (!tx->inputs[0].has_multisig) {

firmware/transaction.c

@@ -66,15 +66,11 @@ int compile_output(const CoinType *coin, const HDNode *root, TxOutputType *in, T
 		// address_n provided-> change address -> calculate from address_n
 		if (in->address_n_count > 0) {
 			HDNode node;
-			uint32_t k;
 			memcpy(&node, root, sizeof(HDNode));
-			layoutProgressUpdate(true);
-			for (k = 0; k < in->address_n_count; k++) {
-				if (hdnode_private_ckd(&node, in->address_n[k]) == 0) {
-					return 0;
-				}
-				layoutProgressUpdate(true);
+			if (hdnode_private_ckd_cached(&node, in->address_n, in->address_n_count) == 0) {
+				return 0;
 			}
+			layoutProgressUpdate(true);
 			ecdsa_get_address_raw(node.public_key, coin->address_type, addr_raw);
 		} else
 		if (in->has_address) { // address provided -> regular output

memory.c

@@ -32,8 +32,8 @@ void memory_protect(void)
 		return; // already set up correctly - bail out
 	}
 	flash_unlock_option_bytes();
-	//                                 WRP +    RDP
-	flash_program_option_bytes( 0xFFFC0000 + 0xCCFF);
+	//                                WRP +    RDP
+	flash_program_option_bytes(0xFFFC0000 + 0xCCFF);
 	flash_lock_option_bytes();
 }
 

trezor-crypto

@@ -1 +1 @@
-Subproject commit 795579cbacb5e4bd072d7cef2a2638f1d44c2d0d
+Subproject commit aa1833ba3fd9301dd275c1c34c1ce5dd9ae703be